Latest Cybersecurity News and Articles
26 August 2025
Cybersecurity researchers are calling attention to a sophisticated social engineering campaign that's targeting supply chain-critical manufacturing companies with an in-memory malware dubbed MixShell.
The activity has been codenamed ZipLine by Check Point Research.
"Instead of sending unsolicited phishing emails, attackers initiate contact through a company's public 'Contact Us' form, tricking
26 August 2025
The personal information of many individuals was stolen from Healthcare Services Group’s computer systems in 2024.
The post Healthcare Services Group Data Breach Impacts 624,000 appeared first on SecurityWeek.
26 August 2025
A critical vulnerability in Docker Desktop allows attackers to modify the filesystem of Windows hosts to become administrators.
The post Docker Desktop Vulnerability Leads to Host Compromise appeared first on SecurityWeek.
26 August 2025
A new large-scale campaign has been observed exploiting over 100 compromised WordPress sites to direct site visitors to fake CAPTCHA verification pages that employ the ClickFix social engineering tactic to deliver information stealers, ransomware, and cryptocurrency miners.
The large-scale cybercrime campaign, first detected in August 2025, has been codenamed ShadowCaptcha by the Israel National
26 August 2025
Researchers show how popular AI systems can be tricked into processing malicious instructions by hiding them in images.
The post AI Systems Vulnerable to Prompt Injection via Image Scaling Attack appeared first on SecurityWeek.
26 August 2025
Auchan confirms that the personal information of hundreds of thousands of customers was stolen in a data breach.
The post Hundreds of Thousands Affected by Auchan Data Breach appeared first on SecurityWeek.
26 August 2025
Cybersecurity researchers have discovered a new variant of an Android banking trojan called HOOK that features ransomware-style overlay screens to display extortion messages.
"A prominent characteristic of the latest variant is its capacity to deploy a full-screen ransomware overlay, which aims to coerce the victim into remitting a ransom payment," Zimperium zLabs researcher Vishnu Pratapagiri
26 August 2025
CISA urges federal agencies to immediately patch an exploited arbitrary file write vulnerability in Git that leads to remote code execution.
The post Organizations Warned of Exploited Git Vulnerability appeared first on SecurityWeek.
26 August 2025
Tech giants have received a letter from the FTC urging them not to weaken security and privacy at the request of foreign governments.
The post FTC Calls on Tech Firms to Resist Foreign Anti-Encryption Demands appeared first on SecurityWeek.
26 August 2025
Google has announced plans to begin verifying the identity of all developers who distribute apps on Android, even for those who distribute their software outside the Play Store.
"Android will require all apps to be registered by verified developers in order to be installed by users on certified Android devices," the company said. "This creates crucial accountability, making it much harder for
26 August 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws impacting Citrix Session Recording and Git to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The list of vulnerabilities is as follows -
CVE-2024-8068 (CVSS score: 5.1) - An improper privilege management vulnerability in Citrix Session Recording
25 August 2025
A China-nexus threat actor known as UNC6384 has been attributed to a set of attacks targeting diplomats in Southeast Asia and other entities across the globe to advance Beijing's strategic interests.
"This multi-stage attack chain leverages advanced social engineering including valid code signing certificates, an adversary-in-the-middle (AitM) attack, and indirect execution techniques to evade
25 August 2025
Docker has released fixes to address a critical security flaw affecting the Docker Desktop app for Windows and macOS that could potentially allow an attacker to break out of the confines of a container.
The vulnerability, tracked as CVE-2025-9074, carries a CVSS score of 9.3 out of 10.0. It has been addressed in version 4.44.3.
"A malicious container running on Docker Desktop could access the
25 August 2025
Researchers unveil OneFlip, a Rowhammer-based attack that flips a single bit in neural network weights to stealthily backdoor AI systems without degrading performance.
The post OneFlip: An Emerging Threat to AI that Could Make Vehicles Crash and Facial Recognition Fail appeared first on SecurityWeek.
25 August 2025
Cybersecurity researchers have flagged a new phishing campaign that's using fake voicemails and purchase orders to deliver a malware loader called UpCrypter.
The campaign leverages "carefully crafted emails to deliver malicious URLs linked to convincing phishing pages," Fortinet FortiGuard Labs researcher Cara Lin said. "These pages are designed to entice recipients into downloading JavaScript
25 August 2025
CISA published a Minimum Elements for a Software Bill of Materials (SBOM) draft and has encouraged the public to offer comments.
25 August 2025
A recent survey found that when presented with an online safety issue, most teen respondents will ask for help from a parent or other trusted adult.
25 August 2025
Pakistani state-sponsored hacking group APT36 is targeting Linux systems in a fresh campaign aimed at Indian government entities.
The post Pakistani Hackers Back at Targeting Indian Government Entities appeared first on SecurityWeek.
25 August 2025
Aspire Rural Health System was targeted last year by the BianLian ransomware group, which claimed to have stolen sensitive data.
The post Aspire Rural Health System Data Breach Impacts Nearly 140,000 appeared first on SecurityWeek.
25 August 2025
Cybersecurity today moves at the pace of global politics. A single breach can ripple across supply chains, turn a software flaw into leverage, or shift who holds the upper hand. For leaders, this means defense isn’t just a matter of firewalls and patches—it’s about strategy. The strongest organizations aren’t the ones with the most tools, but the ones that see how cyber risks connect to business